I am a bit confused why shifting liability would be linked to maximizing data theft, and why would that data theft be done by some regulatory agencies - can you elaborate?
The liability shift that I had in mind is mostly about immunity from liability for the impersonated person, like, if some criminal defrauds a company by claiming to be Bob, then shifting the liability for that risk (compared to currently common cases in USA) to that company which had lax processes and was defrauded would be various consumer protection mechanisms for things like credit score, preventing that company from trying to collect that money from Bob, preventing them from reporting that Bob owes them money (as he doesn't) and requiring that company to correct any adverse credit reports if they had already made them, etc, various means to ensure that the fraud stays between the fraudster and the defrauded company and doesn't affect the person whose identity was falsely used; and removing the implication that they are somehow responsible if that information (which they aren't legally required to keep secret) is used by someone else.
The liability shift that I had in mind is mostly about immunity from liability for the impersonated person, like, if some criminal defrauds a company by claiming to be Bob, then shifting the liability for that risk (compared to currently common cases in USA) to that company which had lax processes and was defrauded would be various consumer protection mechanisms for things like credit score, preventing that company from trying to collect that money from Bob, preventing them from reporting that Bob owes them money (as he doesn't) and requiring that company to correct any adverse credit reports if they had already made them, etc, various means to ensure that the fraud stays between the fraudster and the defrauded company and doesn't affect the person whose identity was falsely used; and removing the implication that they are somehow responsible if that information (which they aren't legally required to keep secret) is used by someone else.